Last updated: 1 October 2018
https://severnsisters.,co.uk (‘Website’) is provided by Angela Meekam, trading as Severn Sisters
(‘I’/’me’/’my’). In doing so, I may be in a position to receive and process personal information relating to you.
As the controller of this information, I’m providing this Privacy Notice (‘Notice’) to explain my approach to
personal information.
I intend only to process personal information fairly and transparently as required by data protection law
including the General Data Protection Regulation (GDPR). In particular, before obtaining information from
you I intend to alert you to this Notice, let you know how I intend to process the information and (unless
processing is necessary for at least one of the 5 reasons outlined in clause 2 below) I’ll only process the
information if you consent to that processing. The GDPR also defines certain ‘special categories’ of personal
information that’s considered more sensitive. These categories require a higher level of protection, as
explained below.
Of course, you may browse parts of this Website without providing any information about yourself and
without accepting cookies. In that case, it’s unlikely I’ll possess and process any information relating to you.
I’ll start this Notice by setting out the conditions I must satisfy before processing your data. However, you
may wish to skip to clause 5, which summarises what I intend to collect. The Notice also explains some of
the security measures I take to protect your personal information, and tells you certain things I will or won’t
do.
Sometimes, when you take a new service or product from me, or discuss taking a new service or product but
decide against, I might wish to provide you with further information about similar services or products by
email or other written electronic communication. In that situation, I will always give you the opportunity to
refuse to receive that further information and if you change your mind please let me know. I’ll endeavour to
remind you of your right to opt-out on each occasion that I provide such information.
1 Identity and contact details
1.1 Place of business: The Studio, Mansell Road, Wellington, Telford, Shropshire, TF1 1QQ
1.2 info@severnsisters.co.uk
2 When I’m allowed to collect information from you
I will only collect personal information relating to you if one of the following conditions have been satisfied:
2.1 You have clearly told me that you are content for me to collect that information for the certain
purpose or purposes that I will have specified.
2.2 The processing is necessary for the performance a contract that I have with you.
2.3 The processing is necessary so that I can comply with the law.
2.4 The processing is necessary to protect someone’s life.
2.5 The processing is necessary for performance of a task that’s in the public interest.
2.6 The processing is necessary for my or another’s legitimate interest – but in this case, I’ll balance
those interests against your interests.
3 How to consent
3.1 At the point of collecting the information, I’ll endeavour to explain how I intend to use the
information and which of these purposes apply. If I rely on consent, I’ll provide you with the
opportunity to tell me that you’re happy to provide the information.
3.2 If at any point in time you change your mind and decide that you don’t consent, please let me
know and I’ll endeavour to stop processing your information in the specified manner, or I’ll delete
your data if there is no continuing reason for possessing it.
3.3 If you don’t consent to a particular bit of processing, I’ll endeavour to ensure that the Website and
my service continue to operate without the need for that information.
4 Sensitive information
4.1 Certain information I collect may be considered to be in special categories of personal information.
In particular, it may:
4.1.1 relate to genetic data
4.1.2 relate to your health
4.1.3 relate to your sex life or sexual orientation
4.2 If I do collect such information as specified in clause 4.1, I’ll also ensure that one of the additional
reasons for processing outlined in Article 9 of the GDPR applies.
5 Information I expect to collect from you
5.1 I envisage asking for the following types of information from you:
Information
type
Purpose and related details Justification
Contact
information
(address, phone
number, email
address)
• I ask for this to tell you about special offers and to
reply to any communication you make to me
• It’s necessary for the
performance of a contract with
you
Date of birth
Gender
• I ask for this to Be able to ensure i am giving the
correct services
• This is in a special category of data stated at
clause 4.1
• It’s necessary for a legitimate
interest, having weighed this
against competing interests
• I’ll ensure that one of the
additional special category
justifications applies
5.2 I may collect personal information about you from a number of sources, including the following:
5.2.1 From you when you agree to take a service or product from me, in which case this may
include your contact details, date of birth, how you will pay for the product or service
and your bank details.
5.2.2 From you when you contact me with an enquiry or in response to a communication from
me, in which case, this may tell me something about how you use my services.
5.2.3 From documents that are available to the public, such as the electoral register.
5.2.4 From third parties to whom you have provided information with your consent to pass it
on to other organisations or persons – when I receive such information I will let you
know as soon as is reasonably practicable.
5.3 If you refuse to provide information requested, then if that information is necessary for a service I
provide to you I may need to stop providing that service.
5.4 At the time of collecting information, by whichever method is used, I’ll endeavour to alert you and
inform you about my purposes and legal basis for processing that information, as well as whether I
intend to share the information with anyone else or send it outside of the European Economic
Area. If at any point you think I’ve invited you to provide information without explaining why, feel
free to object and ask for my reasons.
6 Using your personal information
6.1 Data protection, privacy and security are important to me, and I shall only use your personal
information for specified purposes and shall not keep such personal information longer than is
necessary to fulfil these purposes. The following are examples of such purposes. I have also
indicated below which GDPR justification applies, however it will depend on the circumstances of
each case. At the time of collecting I will provide further information, and you may always ask for
further information from me.
6.1.1 To help me to identify you when you contact me. This will normally be necessary for the
performance my contract.
6.1.2 To help me to identify accounts, services and/or products which you could have from me
or selected partners from time to time. I may do this by automatic means using a
scoring system, which uses the personal information you’ve provided and/or any
information I hold about you and personal information from third party agencies
(including credit reference agencies). I will only use your information for this purpose if
you agree to it.
6.1.3 To help me to administer and to contact you about improved administration of any
accounts, services and products I have provided before, do provide now or will or may
provide in the future. This will often be necessary, but sometimes the improvements will
not be necessary in which case I will ask whether you agree.
6.1.4 To allow me to carry out marketing analysis and customer profiling (including with
transactional information), conduct research, including creating statistical and testing
information. This will sometimes require that you consent, but will sometimes be exempt
as market research.
6.1.5 To help to prevent and detect fraud or loss. This will only be done in certain
circumstances when I consider it necessary or the law requires it.
6.1.6 To allow me to contact you by written electronic means (such as email, text or
multimedia messages) about products and services offered by me where:
6.1.6.1 these products are similar to those you have already purchased from me,
6.1.6.2 you were given the opportunity to opt out of being contacted by me at the
time your personal information was originally collected by me and at the
time of my subsequent communications with you, and
6.1.6.3 you have not opted out of me contacting you.
6.1.7 To allow me to contact you in any way (including mail, email, telephone, visit, text or
multimedia messages) about products and services offered by me and selected
partners where you have expressly consented to me doing so.
6.1.8 I may monitor and record communications with you (including phone conversations and
emails) for quality assurance and compliance.
6.1.8.1 Before doing that, I will always tell you of my intentions and of the specific
purpose in making the recording. Sometimes such recordings will be
necessary to comply with the law. Alternatively, sometimes the recording
will be necessary for my legitimate interest, but in that case I’ll only record
the call if my interest outweighs yours. This will depend on all the
circumstances, in particular the importance of the information and whether I
can obtain the information another way that’s less intrusive.
6.1.8.2 If I think the recording would be useful for me but that it’s not necessary I’ll
ask whether you consent to the recording, and will provide an option for
you to tell me that you consent. In those situations, if you don’t consent, the
call will either automatically end or will not be recorded.
6.1.9 When it’s required by law, I’ll check your details with fraud prevention agencies. If you
provide false or inaccurate information and I suspect fraud, I intend to record this.
6.2 I will not disclose your personal information to any third party except in accordance with this
Notice, and in particular in these circumstances:
6.2.1 They will be processing the data on my behalf as a data processor (where I’ll be the
data controller). In that situation, I’ll always have a contract with the data processor as
set out in the GDPR. This contract provides significant restrictions as to how the data
processor operates so that you can be confident your data is protected to the same
degree as provided in this Notice.
6.2.2 Sometimes it might be necessary to share data with another data controller. Before
doing that I’ll always tell you. Note that if I receive information about you from a third
party, then as soon as reasonably practicable afterwards I’ll let you know; that’s required
by the GDPR.
6.2.3 Alternatively, sometimes I might consider it to be in your interest to send your
information to a third party. If that’s the case, I’ll always ask whether you agree before
sending.
6.3 Where you give me personal information on behalf of someone else, you confirm that you have
provided them with the information set out in this Notice and that they have not objected to such
use of their personal information.
6.4 I may allow other people and organisations to use personal information I hold about you in the
following circumstances:
6.4.1 If I, or substantially all of my assets, are acquired or are in the process of being acquired
by a third party, in which case personal information held by me, about my customers,
will be one of the transferred assets.
6.4.2 If I have been legitimately asked to provide information for legal or regulatory purposes
or as part of legal proceedings or prospective legal proceedings.
6.4.3 I may employ companies and individuals to perform functions on my behalf and I may
disclose your personal information to these parties for the purposes set out above, for
example, for fulfilling orders, delivering packages, sending postal mail and email,
removing repetitive information from customer lists, analysing data, providing marketing
assistance, providing search results and links (including paid listings and links) and
providing customer service. Those parties will be bound by strict contractual provisions
with me and will only have access to personal information needed to perform their
functions, and they may not use it for any other purpose. Further, they must process the
personal information in accordance with this Notice and as permitted by the GDPR.
From time to time, these other people and organisations to whom I may pass your
personal information may be outside the European Economic Area. I will take all steps
reasonably necessary to ensure that your personal information is treated securely and
in accordance with this Notice and the GDPR.
7 Protecting information
7.1 I have strict security measures to protect personal information.
7.2 I work to protect the security of your information during transmission by using Secure Sockets
Layer (SSL) software to encrypt information you input.
7.3 I reveal only the last five digits of your credit card numbers when confirming an order. Of course, I
transmit the entire credit card number to the appropriate credit card company during order
processing.
7.4 I maintain physical, electronic and procedural safeguards in connection with the collection, storage
and disclosure of personally identifiable customer information. My security procedures mean that I
may occasionally request proof of identity before I disclose personal information to you.
7.5 It is important for you to protect against unauthorised access to your password and to your
computer. Be sure to sign off when you finish using a shared computer.
8 The internet
8.1 If you communicate with me using the internet, I may occasionally email you about my services
and products. When you first give me personal information through the Website, I will normally
give you the opportunity to say whether you would prefer that I don’t contact you by email. You
can also always send me an email (at the address set out below) at any time if you change your
mind.
8.2 Please remember that communications over the internet, such as emails and webmails
(messages sent through a website), are not secure unless they have been encrypted. Your
communications may go through a number of countries before they are delivered – this is the
nature of the internet. I cannot accept responsibility for any unauthorised access or loss of
personal information that is beyond my control.
8.3 The Website may include links to third-party websites. I do not provide any personally identifiable
customer personal information to these third-party websites unless you’ve consented in
accordance with this privacy notice.
8.4 I exclude all liability for loss that you may incur when using these third-party websites.
9 Further information
9.1 If you would like any more information or you have any comments about this Notice, please either
write to me at Data Protection Manager, Angela Meekam, trading as Severn Sisters, The Studio,
Mansell Road, Wellington, Telford, Shropshire, TF1 1QQ, or email me at
info@severnsisters.co.uk.
9.2 Please note that I may have to amend this Notice on occasion, for example if I change the cookies
that I use. If I do that, I will publish the amended version on the Website. In that situation I will
endeavour to alert you to the change, but it’s also your responsibility to check regularly to
determine whether this Notice has changed.
9.3 You can ask me for a copy of this Notice by writing to the above address or by emailing me at
info@severnsisters.co.uk. This Notice applies to personal information I hold about individuals. It
does not apply to information I hold about companies and other organisations.
9.4 If you would like access to the personal information that I hold about you, you can do this by
emailing me at info@severnsisters.co.uk or writing to me at the address noted above. There is not
normally a fee for such a request, however if the request is unfounded, repetitive or excessive I
may request a fee or refuse to comply with your request. You can also ask me to send the
personal information I hold about you to another controller.
9.5 I aim to keep the personal information I hold about you accurate and up to date. If you tell me that
I’m holding any inaccurate or incomplete personal information about you, I will promptly amend,
complete or delete it accordingly. Please email me at info@severnsisters.co.uk or write to me at
the address above to update your personal information. You have the right to complain to the
Information Commissioner’s Office if I don’t do this.
9.6 You can ask me to delete the personal information that I hold about you if I relied on your consent
in holding that information or if it’s no longer necessary. You can also restrict or object to my
processing of your personal information in certain circumstances. You can do this by emailing me
at info@severnsisters.co.uk or writing to me at the address noted above.
9.7 I will tell you if there is a breach, or a likely breach, of your data protection rights.
‘Just-in-time’ notices
Privacy notice about necessary information
I have asked for personal information from you. This information is necessary for one of the reasons
specified in the General Data Protection Regulation.
For more information, please read my full privacy notice at https://severnsisters.co.uk/privacy-policy/
If you have any concerns, please contact me using the details provided in my privacy notice.
———————————————-
What to with your document
This section tells you what to do with your privacy notice and your ‘just-in-time’ notices.
Privacy notice
Copy this to your website on the page at https://severnsisters.co.uk/privacy-policy/, and add a link to it on
every page of your website.
As you’ve relied on legitimate interests for some of your processing, ensure that you’ve conducted a
legitimate interests assessment. See: https://ico.org.uk/for-organisations/guide-to-the-general-dataprotection-
regulation-gdpr/lawful-basis-for-processing/legitimate-interests/ for more information.
‘Just-in-time’ notices
These are short notices that you put on your website at the point that you ask for information. They’ll refer
website users to your full privacy notice. You don’t have to use these, but the Information Commissioner’s
Office recommend this technique.
Copy the text below the ‘Privacy notice about necessary information’ into an appropriate space (e.g. pop-up
box) that should appear as soon as the website is opened and before the user is asked to provide
information that is necessary.